strongSwan 5.9.10, a free VPN suite based on the IPSec protocol used in Linux, Android, FreeBSD and macOS. Π Π½ΠΎΠ²ΠΎΠΉ Π²Π΅ΡΡΠΈΠΈ ΡΡΡΡΠ°Π½Π΅Π½Π° ΠΎΠΏΠ°ΡΠ½Π°Ρ ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΡ (CVE-2023-26463), ΠΊΠΎΡΠΎΡΠ°Ρ ΠΌΠΎΠΆΠ΅Ρ Π±ΡΡΡ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°Π½Π° Π΄Π»Ρ ΠΎΠ±Ρ ΠΎΠ΄Π° Π°ΡΡΠ΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΈΠΈ, Π½ΠΎ ΠΏΠΎΡΠ΅Π½ΡΠΈΠ°Π»ΡΠ½ΠΎ ΡΠ°ΠΊΠΆΠ΅ ΠΌΠΎΠΆΠ΅Ρ ΠΏΡΠΈΠ²Π΅ΡΡΠΈ ΠΊ Π²ΡΠΏΠΎΠ»Π½Π΅Π½ΠΈΡ ΠΊΠΎΠ΄Π° Π°ΡΠ°ΠΊΡΡΡΠ΅Π³ΠΎ Π½Π° ΡΡΠΎΡΠΎΠ½Π΅ ΡΠ΅ΡΠ²Π΅ΡΠ° ΠΈΠ»ΠΈ ΠΊΠ»ΠΈΠ΅Π½ΡΠ°. ΠΡΠΎΠ±Π»Π΅ΠΌΠ° ΠΏΡΠΎΡΠ²Π»ΡΠ΅ΡΡΡ ΠΏΡΠΈ ΠΏΡΠΎΠ²Π΅ΡΠΊΠ΅ ΡΠΏΠ΅ΡΠΈΠ°Π»ΡΠ½ΠΎ ΠΎΡΠΎΡΠΌΠ»Π΅Π½Π½ΡΡ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠΎΠ² Π² ΠΌΠ΅ΡΠΎΠ΄Π°Ρ Π°ΡΡΠ΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΈΠΈ EAP (Extensible Authentication Protocol) Π½Π° Π±Π°Π·Π΅ TLS.
The vulnerability is caused by the TLS handler incorrectly accepting public keys from a peer's certificate, considering them to be trustworthy, even if the certificate cannot be successfully verified. In particular, when calling the tls_find_public_key() function, fetching based on the public key type is used to determine which certificates are trustworthy. The problem is that the variable used to determine the key type for the lookup operation is set anyway, even if the certificate is not trustworthy.
Moreover, through key manipulation, it is possible to reduce the reference counter (if the certificate is not trustworthy, the reference to the object is released after the key type is determined) and free up memory for the still used object with the key. The considered flaw does not exclude the creation of exploits for organizing information leakage from memory and executing your own code.
Attack on server ΠΎΡΡΡΠ΅ΡΡΠ²Π»ΡΠ΅ΡΡΡ ΡΠ΅ΡΠ΅Π· ΠΎΡΠΏΡΠ°Π²ΠΊΡ ΠΊΠ»ΠΈΠ΅Π½ΡΠΎΠΌ ΡΠ°ΠΌΠΎΠΏΠΎΠ΄ΠΏΠΈΡΠ°Π½Π½ΠΎΠ³ΠΎ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠ° Π΄Π»Ρ Π°ΡΡΠ΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΈΠΈ ΠΊΠ»ΠΈΠ΅Π½ΡΠ° Ρ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°Π½ΠΈΠ΅ΠΌ ΠΌΠ΅ΡΠΎΠ΄ΠΎΠ² EAP-TLS, EAP-TTLS, EAP-PEAP ΠΈ EAP-TNC. ΠΡΠ°ΠΊΠ° Π½Π° ΠΊΠ»ΠΈΠ΅Π½ΡΠ° ΠΌΠΎΠΆΠ΅Ρ Π±ΡΡΡ ΡΠΎΠ²Π΅ΡΡΠ΅Π½Π° ΡΠ΅ΡΠ΅Π· Π²ΠΎΠ·Π²ΡΠ°ΡΠ΅Π½ΠΈΠ΅ server ΡΠΏΠ΅ΡΠΈΠ°Π»ΡΠ½ΠΎ ΠΎΡΠΎΡΠΌΠ»Π΅Π½Π½ΠΎΠ³ΠΎ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠ°. Π£Π·Π²ΠΈΠΌΠΎΡΡΡ ΠΏΡΠΎΡΠ²Π»ΡΠ΅ΡΡΡ Π² Π²ΡΠΏΡΡΠΊΠ°Ρ
strongSwan 5.9.8 ΠΈ 5.9.9. ΠΡΠ±Π»ΠΈΠΊΠ°ΡΠΈΡ ΠΎΠ±Π½ΠΎΠ²Π»Π΅Π½ΠΈΠΉ ΠΏΠ°ΠΊΠ΅ΡΠΎΠ² Π² Π΄ΠΈΡΡΡΠΈΠ±ΡΡΠΈΠ²Π°Ρ
ΠΌΠΎΠΆΠ½ΠΎ ΠΏΡΠΎΡΠ»Π΅Π΄ΠΈΡΡ Π½Π° ΡΡΡΠ°Π½ΠΈΡΠ°Ρ
: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch, FreeBSD, NetBSD.
Source: opennet.ru
